... Preface Acknowledgments SAP Governance, Risk, and Compliance Overview Planning SAP GRC Implementations...

... Preface Structure of This Book Target Audience How to Use This Book Conclusion Acknowledgments SAP Governance, Risk, and Compliance Overview SAP GRC Suite Overview and Components Value of the Suite as a Whole Reasons to Implement SAP GRC SAP Access Control SAP Process Control SAP Risk Management SAP Global Trade Services and SAP Nota Fiscal Electronica Shared Master Data SAP Content Life Cycle Management SAP GRC 10.0 Architecture and Landscape Backend System Requirements Two-Tier versus Three-Tier Landscapes Frontend Options Summary Planning SAP GRC Implementations Regulations and Policies in SAP GRC Japan's J-SOX Australia's CLERP Canada's C Basel II Purpose of SAP GRC Tools Business Processes and Controls Organizational Hierarchy and Local Controls User Interface and Work Center Rules Reporting Summary SAP Access Control Overview General Assumptions during Implementation SAP NetWeaver Business Client as SAP Access Control User Interface SAP NetWeaver Business Client Use Case SAP Access Control Post-Installation Technical Settings Basis Preliminary Check Activating BC Sets Activate Common Workflow Workflow Verification Troubleshooting for Task-Specific Customization Shared Configuration of SAP GRC Systems SAP Crystal Reports Features Activate Profile of Roles Delivered by SAP Creating the Initial User in the ABAP System SAP Access Control Configuration Summary

4... Emergency Access Management Overview Using Emergency Access Management Emergency Access Management Configuration in SAP GRC Configuration Parameters General Configuration Steps Configuration Using a Firefighter ID Reporting Consolidated Log Report Reason Code and Activity Report Firefighter Log Summary Report Invalid Emergency Access Report Transaction Logs and Session Detail SOD Conflict Report for Firefighter IDs Reason Code Usage Frequency Summary Access Risk Analysis Overview Access Risk Analysis Basic Configuration Maintaining SAP Access Control Risk Analysis Configuration Parameters Adding a Connector to the AUTH Scenario Risk Loading and Activation Synchronization Jobs Rule Set Maintenance Maintain Shared Master Data Perform Batch Risk Analysis Access Risk Analysis Reporting Risk Remediation Process Role Cleanup Process with Access Risk Analysis Risk Mitigation as Remediation Alert Monitoring Risk Terminator Configuration Setup in the SAP GRC System Configuration Setup in the Plug-In System Access Risk Analysis 10.0: Additional Features Initial Access Risk Assessment Additional Reporting Features Summary Business Role Manager Overview Business Role Manager Configuration Activation of BC Sets Verifying Default Configuration Parameters Maintain Role Type Settings Specify Naming Conventions Standard Role Methodology MSMP Workflow Configuration Creating Role Owners Business Role Manager Use: Creating a New Single Role Assigning Authorizations to the New Role Analyzing Access Risks and Remediation Request Approval Role Generation Testing the Role Role Maintenance and Reporting

Summary User Access Management Overview Different User Roles in User Access Management General Users Requestors Approvers Administrators Auditors Maintenance of Users User Access Management Configuration Basic Requirements Activation of Business Configuration (BC) Sets Configuration Parameters Maintain Connector Settings Maintain Data Sources Configuration Define Request Type Maintain Number Range Intervals for Provisioning Requests Define Number Range for Provisioning Requests Maintain End User Personalization Maintain Provisioning Settings Maintain User Defaults Activate End User Logon Configure the MSMP Workflow Process Details: Change/Create Access Request Role Availability for Provisioning Access Request Process Steps Password Self-Service Maintain Password Self-Service User Access Management Reporting Summary SAP Access Control Advanced Topics Multistage Multipath (MSMP) Workflow Configure Process and Global Setting Maintain Rules and Rule Results Maintain Agents Variables and Templates Maintain Paths and Assign Stages to Path Maintain Stages Maintain Stage Task Settings Notification Settings Maintain Route Mapping Generate Versions Debugging MSMP Business Rule Framework Plus (BRF+) BRF+ Use Case in SAP Access Control Chaining Routing Rules Using a Function Module and BRF BRF+ Function in Business Role Manager Workflow Notification Maintenance in MSMP Available Notification Templates Notification Variables Customizing Workflow Processes: Notifications Creation of Custom Document Objects Associate Custom Document Object with Message Class

Select Notification Templates and Recipients Setting Up Reminders Periodic Reviews Configuration for SoD Review Maintain Reviewers and Coordinators Generate Data for SoD Review HR Triggers Summary SAP Process Control Overview The Evolution of SAP Process Control SAP Process Control Features Date Validity Views Architecture Installation and Setup Configuration and Basic Settings General Settings Shared Master Data Settings SAP Process Control Reporting Common Component Settings for SAP Process Control Implementation Overview of SAP Process Control Setting Business Goals Phased Approaches Master Data Collection Process Control Users and Roles Overview of SAP Process Control Usage Documenting Scope Evaluation Monitoring and Remediation Reporting Certification Policy Management Summary SAP Process Control Master Data Organizations Multiple Hierarchies Validity Dates and Time Frames in the Organization Structure Business Process Models Regulations Policies Accounts and Account Groups Master Data Content Management and Transport Master Data Upload Generator Content Lifecycle Management CLM versus MDUG Summary Continuous Controls Monitoring Continuous Monitoring Architecture Configuring Continuous Control Monitoring Creating Data Sources Adding Data Source Information

Defining the Technical Details Pointing to a Connector Adding Documentation Creating Business Rules Basic Information Filter Criteria Deficiency Criteria Conditions and Calculations Technical Settings and Monitoring Rule Behavior Ad Hoc Query Data Source Types and Related Rules Assigning Rules to Controls Scheduling Monitoring Rules Structured Approach to Continuous Controls Monitoring The Nature of ERP Controls The Goal of Monitoring Effective Monitoring The Importance of Proper Configurations and Master Data Settings Transactions Reports and Analytics Summary Continuous Controls Monitoring: Data Source Types Configurable Data Sources and Rules Configurable Data Sources Configurable Business Rules Limitations of Configurable Data Sources and Rules Change Log Check Rules Change Tracking: Logs versus Polling Defining Change Log Rules Other Data Source Types and Rules ABAP Reports Segregation of Duty Integration SAP NetWeaver BW Query Event-Driven Data Sources SAP NetWeaver Process Integration External Partner Data Sources ABAP Program Data Sources Performance Considerations with Change Logging Summary Continuous Controls Monitoring: Advanced Topics Operational Data Provider (ODP) Rules SAP HANA Using SAP NetWeaver BRF+ to Build Advanced Rules Using BRF+ Rules in SAP Process Control Business Rules Additional Features of BRF+ and SAP Process Control Advanced Rule Logic: Grouping, Aggregation, and Currency Conversion Using the BRF+ Workbench Continuous Control Monitoring: Content Export/Import Summary Continuous Controls Monitoring: Miscellaneous Topics Efficiently Managing Continuous Controls Monitoring Content Data Sources

Business Rules Organization-Level System Parameters (OLSP) OLSP and Business Rule Filter Conditions Combine Runtime Binding of Date Ranges Decoupling Test Schedule from Test Period CCM Data Security Guiding Principles Analysis The Goal The Solution CCM Data Security Model Summary SAP Risk Management Implementation Enterprise Risk Management Overview Enterprise Risk Management Scenario Business Blueprint Solution Configuration Data Conversion and Master Data Setup Authorization Concept and Roles Workflows Reporting Operational Risk Management Overview Operational Risk Management Scenario Business Blueprint Solution Configuration Master Data Setup Loss Event Management Workflow and Upload Reporting Summary Trade Compliance and Financial Risk Global Trade Key Functions SAP Compliance Management SAP Customs Management SAP Risk Management SAP ERP Setup for Trade Preference Processing Set Up Communication from SAP ERP to SAP GTS Set Up Document Transfer in SAP ERP Maintain BOM Transfer Settings Define a Worklist for Vendor-Based Long-Term Vendor Declarations SAP Global Trade Services Setup Define Basic Settings in SAP GTS Set Up System Communication in SAP GTS Number Range Configuration within SAP GTS Define and Assign Organizational Parameters Define the Country Group Define and Activate a Legal Regulation SAP Risk Management General Settings Activate the Document Type and Item Category Define an Organizational Structure Activate the Preference Agreement Define and Assign the Rule Set Set Control Settings for the Data Scope in Vendor Declarations SAP GTS Benefits

Summary Compliance with Environment, Health, and Safety Management Integration of SAP EHS Management and SAP Global Trade Services SAP EHS Management Configuration SAP Global Trade Services Configuration Visualization Features with SAP GTS Accessing the New User Interface SAP NetWeaver Business Client (NWBC) Sanctioned Party List Screening Configuration SAP Global Trade Services Deployment and Reporting Deployment Options Reporting Summary Supply Chain Compliance Import Filing to Reduce Compliance Costs Import Processes within SAP ERP SAP Global Trade Services Declarations Customs Document Review Customs Import Process Configuration with SAP ERP SAP Global Trade Services Configuration Configuration Settings for SAP Customs Management Summary Conclusion Chapter Review Business Benefits of the GRC Suite GRC Suite and their Value SAP GRC Future Outlook The Authors Index